Re: arp table overflow due to windows worm (resolved)

To: debian-security@lists.debian.org
Subject: Re: arp table overflow due to windows worm (resolved)
From: Ben Goedeke <goedeke-deb-sec@gmx.net>
Date: Mon, 18 Oct 2004 13:53:14 +0200
Message-id: <[🔎] 4173AEAA.1010602@gmx.net>
In-reply-to: <[🔎] 41705DE8.1010400@gmx.net>
References: <[🔎] 41705DE8.1010400@gmx.net>

Thank you guys so much. It's resolved. The problem was indeed that mydefault route was via the external IP of my firewall so that it tried toresolve all 134.102.0.0/16 IPs to mac addresses. Raising the arp cacheto 2^16 worked as a hot fix.

In my defense: When I started working here I did inquire about thegateway to use and I was told I don't need one. I thought that odd backthen but didn't realize the implications of this. And it did work forquite a while. Until now that is.

Now I've got a proper gateway entry that's outside of my net in aneighbouring /24 subnet and I reduced the arp cache size to 1024 again.And even though I can see 5 infected machine blasting through thenetwork right now everything works fine.


Cheers, Ben

Reply to:

References:
- arp table overflow due to windows worm
  - From: Ben Goedeke <goedeke-deb-sec@gmx.net>

Prev by Date: Re: [SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service
Next by Date: Re: xfree86_4.1.0-16woody4_alpha.changes REJECTED
Previous by thread: Re: arp table overflow due to windows worm
Next by thread: Re: [SECURITY] [DSA 556-2] New netkit-telnet packages really fix denial of service
Index(es):
- Date
- Thread